BlueCat Gateway...DDI has been Left Out of Digital Transformation Traditional DDI operations, such...

BlueCat GatewaySolution Brief

BlueCat Gateway

www.bluecatnetworks.com 2

Table of Contents

Introduction ........................................................................................................................3

What is BlueCat Gateway ................................................................................................5

Capabilities ..........................................................................................................................7

a) Consolidation .............................................................................................................7

b) Business-Specific APIs .............................................................................................7

c) Leverage BlueCat Address Manager API ............................................................. 8

d) Certified Example Workflows ................................................................................ 8

e) Change Management...............................................................................................9

f) Easy Workflow Creation ...........................................................................................9

g) Built on Python ....................................................................................................... 10

h) How Gateway is Deployed .................................................................................... 10

BlueCat Gateway Use Cases ........................................................................................ 11

a) Cloud Resource Provisioning and Deallocation ............................................... 11

b) Integration ................................................................................................................12

c) Self Service ...............................................................................................................14

d) Zero-Touch Automation ........................................................................................16

Conclusion ........................................................................................................................17

BlueCat Gateway


IntroductionAs organizations continue to adopt and implement digital transformation initiatives such as

expanding their footprint in the cloud or moving to an intent-based networking approach, rapid and

reliable delivery of services has become table stakes. As IT professionals are tasked with enabling the

business with these new technologies and more aggressive SLAs (Service Level Agreements),

automation has become central to contemporary digital transformation efforts. It enables

organizations to define, orchestrate, and quickly implement complex business processes across

systems, people, partners and customers to drive greater value for customers.

Organizations wishing to streamline their overall operations must include DNS processes in their

automation efforts. Computerization minimizes the complexity of DNS configuration and reduces

the risk of human error while improving productivity. Non-expert users can thus rapidly make

changes to historically complex technology without causing DNS failures that could lead to major

business disruptions.

Nonetheless, most enterprise DNS operations remain largely manual.

BlueCat Gateway is a Web application that modernizes DNS operations by providing a platform for

developing and deploying automated modular workflows. This platform simplifies DNS

configuration tasks, speeds development, and gives end users self-service access to DNS services

while reducing training requirements, lowering the risk of DNS configuration errors, and delivering

the flexibility to meet organizations’ unique requirements.

This white paper details the capabilities BlueCat Gateway offers developers and end users. It also describes

key use cases, including automated cloud provisioning, integration with existing change management

systems, end-user self service, and zero-touch automation for automating back-end functions.

Automation is Integral to Enterprise Transformation and Growth

Organizations are increasingly turning to digital transformation to drive change across the

enterprise. Digital transformation initiatives that allow organizations to better connect with

customers and deliver greater value depend on the deployment of innovative technologies.

But even as IT organizations are tasked with advancing the business using new technologies, they

must also meet growing demand for mainstream services. For example, over the past 10 years, Wi-Fi

service has gone from being a nice-to-have to a must-have for virtually every user. Similarly,

companies have evolved from provisioning virtual machines (VMs) once for use in a static manner

to asking IT to continually spin up and spin down VMs to optimize compute. But that’s just

scratching the surface. A flood of new technologies have emerged to significantly speed the delivery

of applications, services and compute. Containers, microservices, Kubernetes, and powerful new

automation frameworks like Ansible and Puppet have fundamentally changed the speed of business

and IT management.

BlueCat Gateway


Meeting these ever growing business demands requires IT organizations to operate more efficiently.

IT organizations are thus automating workflows, developing dynamic infrastructures that can be

modified quickly and cost effectively, and improving change management and governance.

In the process, IT teams are transforming themselves into IT as a service (ITaaS) to deliver the right IT

services at the right time at the right level of service. IT organizations are offering self-service

portals and providing service catalogs that identify, define and control services available to end-

users and developers. And through the use of APIs, IT is empowering end users and developers to

quickly link modularized services together to modify the infrastructure as necessary to meet user

requirements.

DDI has been Left Out of Digital Transformation

Traditional DDI operations, such as creating network zones and assigning the IP addresses needed

to locate services and devices, however, have only just begun to realize the potential of automation.

Users perform DNS tasks manually, use solutions that require deep knowledge of complex APIs to

create automated workflows, or employ out-of-the-box solutions that provide inflexible, canned

workflows that cannot be customized. As a result, organizations are unable to meet SLAs for

completing even the most basic DNS related tasks or fully automate scores of IT operations that

depend on DNS.

The Need to Simplify and Automate DNS Operations

To keep up with growing network and DNS environments, today’s organizations are looking to an

Adaptive DNS approach to bring their DNS operations the same level of efficiency and automation

as the rest of their IT operations. They want to minimize the complexity of DNS configuration by

reducing the need for coding, thereby lowering the risk of mistakes at all skill levels and allowing

non-experts to get what they need without constantly turning to an expert. Rather than requiring

network and DNS administrators to perform the same tasks repeatedly through the Address

Manager UI or direct API calls, organizations want to automate all everyday IPAM tasks and DNS

operations involved in standing up networks or adding new devices. At the same time, they want the

flexibility to meet their unique infrastructure requirements.

This requires smart Infrastructure as Code (IaC) solutions that incorporate domain knowledge to

ensure that requirements are met rather than demanding that IT teams manually translate business

requirements into complex configurations. IaC solutions manage and provision IT resources

through machine-readable definition files, rather than physical hardware configuration or interactive

configuration tools. The benefits of an IaC approach are many, including speed and simplicity in

deploying infrastructure, consistency in configuration, development efficiency and risk minimization.

BlueCat Gateway


What is BlueCat Gateway BlueCat Gateway brings the efficiency organizations have come to expect from IT services using IaC

capabilities to DNS operations. Gateway is an extensible platform that allows you to take complex,

resource-intensive, automated tasks and build cleaner and lighter implementations while enabling a

simple, self-service focused environment. Simply put, Gateway enables users to provide their

organization with a more simplified and self-service focused environment. It simplifies DNS

configuration tasks and speeds development, while providing authentication/access control, reducing

developer and end user training requirements, and lowering the risk of DNS configuration errors.

BlueCat Gateway


A Modern Development Platform for Automating DNS Operations

Using BlueCat Gateway, IT teams can:

• Automate cloud provisioning—IT can automate the DNS services necessary to provision and

deallocate cloud resources, so they can respond to user requests instantly. Automated cloud

provisioning reduces bottlenecks in delivering cloud services that all too often result in shadow

IT, where end users request services directly from the cloud vendor without IT’s knowledge.

Shadow IT can lead to security risks and excessive costs that IT is unable to manage.

• Integrate with existing systems—Organizations can integrate BlueCat Gateway with almost any

application. Such integration allows them to, for example, use their ITSM (IT Service Management)

solutions, such as ServiceNow, OpenStack or vRO, for change management and auditing even as

they automate DNS-related workflows. This integration gives IT greater visibility into any DNS-

related changes that occur.

• Provide self-service to end users—IT can provide end-users with web forms through a self-

service portal that allows them to request services, such as device registration/onboarding or

provisioning/decommissioning a server, and use automated DNS workflows to fulfill these

requests. By automating request fulfillment, IT can instantly address end user service requests

and thereby more easily meet service level agreements (SLAs).

• Deliver zero-touch automation—IT can automate backend functions, such as failover for a

BlueCat Address Manager, without human intervention.

BlueCat Gateway


CapabilitiesBlueCat Gateway brings together all the building blocks for automating enterprise DNS operations in

a single, easy-to-learn, easy-to-use development environment using RESTful APIs that implement

your business logic. Key capabilities provided by this environment include:

• Consolidation

• A business logic layer

• The ability to leverage the BlueCat Address Manager API

• BlueCat Certified Example DNS Workflows

• Change management

• Easy workflow creation

• Support for Python

a) Consolidation

BlueCat Gateway consolidates all the business logic necessary to set up DNS for a resource, such as

a network or device. It thereby allows IT to minimize the number of scripts the organization has and

centralize the remaining scripts.

Typically, IT must perform a number of operations to assign DNS resources, such as determining the

available networks or making API calls. BlueCat Gateway can bundle all the necessary APIs together

into a sophisticated service layer rather than requiring IT to write an application that makes separate

API calls. This service layer can then be integrated into an end-to-end workflow.

For instance, IT might create a form in BlueCat Gateway that, when filled out and submitted to a

user, initiates a workflow that configures BlueCat Address Manager (BAM) and other systems. IT has

the option to expose this workflow as a service. If IT creates a “Get IP” service, other applications

that need this service can make a single call and the service will provide the necessary IP address.

b) Business-Specific APIs

When organizations want to automate the delivery of cloud compute services, they need to perform

many activities in addition to those related to DNS. BlueCat Gateway gives organizations a single

modern automation platform to directly consume business-specific APIs that completely encapsulate

third-party vendor or BlueCat-specific implementation details, allowing them to perform these

functions. If aspects of the cloud compute environment change, IT needs only to make changes to

business process workflows that contain both DNS and related processes in one place.

BlueCat Gateway


c) Leverage BlueCat Address Manager API

BlueCat Address Manager (BAM) is an IPAM solution that consolidates a wealth of data about every

device and connection to a network. It then enables other network systems to easily consume this

data to gain insight and make better decisions about network management, capacity planning and

security. BAM isolates users from the complexity of managing and configuring IP address

provisioning and core services by wrapping multiple low-level API calls to the IP Address

Management (IPAM) system into a single service call.

The BlueCat API provides the interface that network IT departments need to make automated,

process-compliant changes to IP and DNS configurations while retaining complete visibility and

control over IPAM data. The unified standards-based API set allows them to access all elements of the

BlueCat solution so they can integrate with infrastructure solutions from leading commercial vendors

including VMware, IBM, HP, and BMC. BlueCat Connectors target the common network-related

applications that interact with IPAM – from orchestration and provisioning to event management.

d) Certified Example Workflows

BlueCat makes available on GitHub a library of Certified Example Workflows for tasks such as adding

a host record, alias record, text record, or IP address. BlueCat developed and tested these workflows

to demonstrate the kinds of workflows that one can build for BlueCat Gateway. While these

workflows are production ready, they also serve as templates that IT can modify and extend to fit

the organization’s needs. Rather than coding a workflow from scratch, IT can simply pull the

workflows from GitHub into BlueCat Gateway and then make necessary changes.

Visit BlueCat’s GitHub repository at https://github.com/bluecatlabs

https://github.com/bluecatlabs

BlueCat Gateway


BlueCat has productized the maintenance of this library to ensure that each library remains up to date.

It also guarantees that libraries comply with standards and conventions to simplify learning and use.

Any customer can check out the code from the libraries, make modifications, and check the code

back in. Or they can create their own workflows and add them to the libraries. A community of

customers can innovate and contribute to an ever growing library of workflows, for the benefit of all.

e) Change Management

Input/export capabilities within BlueCat Gateway allow organizations to build, verify, and validate

modules in a test environment and then easily promote them to a production environment. This

modular approach simplifies change management and enables users who are not highly technical to

roll out code once it’s been developed.

f) Easy Workflow Creation

BlueCat Gateway makes it fast and easy to build self-service web forms that integrate with BAM APIs

and workflows. IT can give these forms to end users to allow them to initiate a request that is

fulfilled with an automated DNS workflow, for example, for device registration/onboarding,

provisioning/decommissioning servers, user creation/management, or bulk processing.

BlueCat Gateway


Using self-service web templates, IT can offer an intuitive interface that eliminates the need to train

end users on highly technical processes while preventing them from making mistakes, such as

accidently pressing delete instead of deploy.

The templates can incorporate the following:

• Widgets – As IT develops forms, they can load easily configurable “widgets” to perform tasks.

For example, if IT wants to enable a user to select a configuration, view and zone, they can

employ packaged widgets for each operation. Widgets can be dynamically populated as the

user fills in each field.

• Full customizability – The UI allows IT to fully customize the look and feel of web forms. For

example, users can choose their desired color scheme or add a company logo.

• Permissions – The BlueCat Gateway web form framework enables IT to set role-based

permissions. Administrator permissions give developers full access to developer/administrator

capabilities. User-level permissions can prevent access to specified capabilities. These

permissions allow non-technical users to fill out and submit a form to request services while

preventing them from accessing capabilities that could potentially damage the system.

g) Built on Python

BlueCat Gateway is based on Python, which has become the language of choice for network

automation. Because Python is relatively easy to learn compared to other programming languages,

its adoption has grown rapidly in recent years.

The open source nature of Python means nearly anyone can learn how to create a workflow and

nothing is hidden behind proprietary implementations. This creates a flexible base which can be built

upon to create any solution necessary. If you can imagine it, you can build it!

h) How Gateway is Deployed

BlueCat recommended deployment approach

DatabaseLayer

SOAP over HTTPs

REST over HTTP(s)

REST over HTTP(s)

AccessLayer

TransportLayer

RequestLayer

AddressManager

ActiveNode

AddressManager

PassiveNode

AddressManager

PassiveNode

LoadBalancer

Gateway Gateway Gateway Gateway Gateway

BlueCat Gateway


BlueCat Gateway Use CasesBlueCat Gateway simplifies the assignment of DNS within a number of use cases. Among the most

popular use cases are rapid provisioning and deallocation of cloud resources, integration, end-user

self service, and zero-touch automation.

a) Cloud Resource Provisioning and Deallocation

Today, organizations are increasingly extending their on-premises systems by deploying cloud

resources. Business users have come to expect that these cloud resources will be available instantly.

But providing the necessary DNS services has become a bottleneck, often taking a VM admin or

DNS expert weeks as they navigate deployment windows and approval processes.

When business users encounter such delays, they often respond by purchasing third-party cloud

services through their expense accounts. While cloud subscriptions free business users from IT

controls and restrictions, they lead to the problem of shadow IT, where individuals across the

organization subscribe to a cloud resources without IT knowledge or oversight. Shadow IT causes

security risks as users create holes in the firewall to access cloud systems from on-premises

solutions, problems due to incompatible applications, and high costs for cloud services.

BlueCat Gateway allows organizations to automate the allocation of DNS services by enabling

organizations to extend Adaptive DNS systems into the cloud, just as they would to a remote

physical data center. IT can add resources instantly to meet customer expectations, reducing the

risk that users will subscribe to shadow cloud resources. This automation can extend to the

creation and management of entirely new virtual private clouds, subnets, and associated DNS zones.

In addition, when organizations use BlueCat Gateway to provision cloud resources they gain the

ability to manage all their DNS in one central location. Even if the third-party cloud provider doesn’t

allow them to manage the DNS, the integration provides a central view into what DNS has been

created.

Another concern with cloud resources is that IP/Connectivity for the cloud is extremely expensive as

are the resources necessary to run these services continuously. Moreover, IP addresses that are no

longer in active use can cause clutter. Over time, organizations can build up so much bloat that

they don’t know which IP addresses they are or aren’t using. Thus, when an organization is finished

using cloud resources, it pays to deallocate that compute and associated IP addresses.

Deallocating resources efficiently takes coordination and automation. Additionally, IT organizations

need audit trails to recreate the resources if necessary. IT organizations can use BlueCat Gateway to

automate and track the cloud deallocation process. Timely deallocation can save thousands to tens

of thousands of dollars each month. Deallocation gives IT greater visibility into what resources are

available. It also reduces errors and outages caused by guessing whether a machine is in use or

eliminates the need to ask everyone in the organization whether they are still using it.

BlueCat Gateway


Example: Cloud Deployment

• Challenge: An organization wanted to allow corporate cloud users to quickly allocate and

deallocate compute instances in the cloud, give IT instant visibility into DNS and accounting of

these systems, and quickly extend its on-premises environment to the cloud through bi-

directional name resolution.

• Resolution: BlueCat Gateway enables companies to extend their Adaptive DNS system into the

cloud just as they would to a physical remote datacenter, providing instant visibility and bi-

directional resolution.

Beyond these core use cases, BlueCat enables further automation of cloud requests, including the

creation and management of entirely new VPCs, subnets, and associated DNS zones right from the

company’s enterprise ticketing system.

b) Integration

Most organizations have unique requirements that make a one-size-fits-all solution less than

optimal. BlueCat Gateway enables customers to integrate with almost any application through our

complete set of open source APIs, using REST or other endpoints. We also provide sample

integration workflows on GitHub that customers can modify for their own use case.

One common use case for integration is ITSM. Companies today are looking to ensure change

control for everything that occurs in their environment. Whenever engineers introduce any change,

it needs to be logged somewhere. As a result, change management solutions such as ServiceNow

and Remedy are playing an increasing role in IT environments. Many companies want to use these

change control solutions to keep tabs on their DNS and IPAM activities as well.

BlueCat Gateway allows organizations to integrate DNS workflows with change control solutions.

Client

Client-drivenQuery on request

Proactively, continuouslysynchronizing

Client On-prem Client On-prem

Client

Client On-prem

Client

DNS IntegrityGateway

Gateway

BlueCat Gateway


For example, they may create a web form in BlueCat Gateway to submit a request for an IP address

or to add a printer to the network. Filling out the form triggers ServiceNow to automatically open a

ticket, track any changes that occur during the back-end workflow, and then close the ticket.

Organizations can perform this integration in one of two ways: They can use BlueCat Gateway web

forms as the front end to call ServiceNow (or another application) to create a trouble ticket. BlueCat

Gateway tracks tickets created in the UDF (User Defined Fields) of BAM. If someone wants to refer

to the ticket, they simply use BlueCat Gateway to view the UDF in the BAM record to find the ticket

number associated with the ServiceNow record. Alternatively, organizations can enable the ITSM

solution to call BlueCat APIs, so BlueCat services can be used within ITSM workflows.

By integrating BlueCat Gateway with change management solutions, organizations benefit from a

comprehensive audit trail. As the workflows automate and accelerate request fulfillment, the

change management solution keeps track of who fulfilled each request and what they did.

Organizations gain visibility into changes made, which is useful during an audit or for regulatory

compliance. At the same time, end users can continue to employ their accustomed front end,

eliminating the need for additional training.

Example: IP Space Management and Visibility

• Challenge: A multinational professional services network had an IP space managed outside of

BAM and lacked visibility into that space.

• Resolution: BlueCat created a method to push data into BAM for viewing access only.

Example: Single Source Visibility

• Challenge: Lack of visibility into an IP space managed outside of Address Manager.

• Resolution: BlueCat created a method to push data into BAM, giving a single source of data for

the entire businesses IP space.

BlueCat Gateway


Example: ServiceNow

• Challenge: Users faced a lengthy process for requesting approvals for new services. When the

user made a request, the administrator would have to manually verify the validity of the request

and then create the service.

• Resolution: BlueCat automated the workflows that ServiceNow uses to make requests for

approvals. Administrators now send requests to BlueCat Gateway, which handles approval

logistics. As a result, they know that submitted data is valid and can be approved instantly.

c) Self ServiceWhen users need an IP address for a server or printer, they typically must ask an administrator to

provision it for them. This task requires considerable manual effort and takes time away from

strategic initiatives.

To improve efficiency and enable IT to devote itself to innovation, many organizations want to

enable end users to submit requests themselves and automate their fulfillment. But many current

systems are too technical for typical end users. For example, when requesting an IP address or a

host record, end users must know which network and zone to put the host record in, something

they’re unlikely to be aware of.

With BlueCat Gateway, IT organizations can make it easy for a non-technical user to provision their

own services without having to learn complicated programming. IT simply creates self-service forms

that end users can employ to kick off workflows that automate back end processes related to DNS

provisioning. These workflows integrate with other systems that expose APIs to complete end-to-

end processes that extend beyond DNS. For example, these workflows can create tickets within a

change management system or logging solution such as Splunk. The user simply goes to a self-

ServiceNow

ServiceNow

User

User

AddressManager

AddressManager

Gateway

BlueCat Gateway


service portal, uses a form to make a request, and a script runs that completes the provisioning in

the background. IT can incorporate permissions to prevent end users from changing anything

they’re not supposed to.

As developers create these workflows, they can take advantage of the fact that BlueCat Gateway is

programmer friendly. Programmers create workflows using pre-built components that easily

integrate with any other service that exposes its APIs.

By creating self service workflows, organizations see benefits that include:

• Eliminating the human error that comes from manual provisioning. Such errors can keep the

device from being onboarded properly and mean that IT must spend time troubleshooting what

went wrong.

• Saving time and resources. Tasks that once took days, now take minutes. Companies can now

respond to market demands and deliver services to end users more quickly.

• Creating comprehensive logs to trace what was done. If something goes wrong, IT can see

what was happening at the time to speed troubleshooting. Full audit trails improve regulatory

compliance.

• Enforcing good processes. By using workflows to enforce standards, organizations can ensure

that data going into the system is of the highest quality. Following standards reduces the need

for administrators to oversee the process and to be involved with the creation of every record,

allowing them to concentrate on more strategic issues.

Example: Record Creation

• Challenge: Users who want to create DNS resource records require extensive training. For

example, if users wish to create Host (A) Records, they need training in DNS and in Address

Manager.

• Resolution: BlueCat Gateway simplifies the process of creating A records, plus other resource

records, by reducing the complexity of IPAM and enabling access to it from an intuitive web

form suitable for users of any skill level.

Example: Customized Reporting

• Challenge: Some companies must follow strict regulations and produce extremely complex

reports involving multiple cross sections of data.

• Resolution: BlueCat brings together disparate sources of data from IPAM, DNS Edge,

BlueCat Gateway


ServiceNow and so on. With minimal effort, you can then automate the process of extracting,

sorting and curating datasets to create more comprehensive customized reports.

Example: Bulk Uploads

• Challenge: Companies must add, modify, or delete large numbers of IP addresses, host records

or other objects.

• Resolution: Rather than manually writing scripts, organizations can use BlueCat to create

custom bulk uploads that add, modify, and delete many IP addresses, host records, and so on,

at once, saving time.

d) Zero-Touch Automation

Zero-touch integration is used when IT wants something to happen on the back end without the

need for human intervention. For example, IT might want the system to recognize when a BAM goes

down and then automatically failover to a secondary address manager while generating the

appropriate logs and fixing the problem automatically. Zero touch automation makes the failover

faster and easier. It also reduces resource load on the team by allowing the organization to prevent

problems without constant human monitoring.

Example: Orchestration

• Challenge: Many companies need to track complex BAM data, including resource locations,

ownership, groups, and tags for thousands of subnets.

• Resolution: BlueCat helped companies expose service layers to enable orchestration. We

reduced BAM complexity by exposing services that bundle multiple API calls.

Example: Automating Manual Tasks

• Challenge: The customer faced tedious manual processes for opening multiple sites, allocating

subnets, reserving addresses, creating host records, and so on.

• Resolution: BlueCat created a workflow that used a template to automate the processes of

opening multiple sites, allocating a subnet with reserved addresses, and adding host records,

thereby saving time.

BlueCat Gateway


20181024-002

About BlueCatBlueCat is the Adaptive DNS Company™. The largest global enterprises trust BlueCat to provide

the foundation for digital transformation strategies such as cloud migration, virtualization and

cybersecurity. Our Adaptive DNS platform improves control and compliance across entire

networks, enabling organizations to centralize and automate DNS services for security and

operational efficiency. For more information, please visit www.bluecatnetworks.com.

© 2018 BlueCat Networks (USA) Inc. and/or its affiliates. All rights reserved. BlueCat, BlueCat Networks, the BlueCat logo, are trademarks of BlueCat Networks (USA) Inc. and/or its affiliates. All other product and company names are trademarks or registered trademarks of their respective holders. BlueCat assumes no responsibility for any inaccuracies in this document. BlueCat reserves the right to change, modify, transfer or otherwise revise this publication without notice.

ConclusionAs organizations increasingly rely on IT for digital transformation and providing essential day-to-day

services, IT must become more efficient in all its operations, including DNS configuration and

development. BlueCat Gateway boosts IT productivity by bringing together all the building blocks

for automating enterprise DNS operations in a single, easy-to-learn, easy-to-use development

environment. It can be used for automating cloud provisioning, integrating with existing change

management systems, providing self service to end users and delivering zero touch automation.

With BlueCat Gateway, organizations can now reduce work for network and DNS administrators, cut

the risk of mistakes, and give end users the DNS services they want without having to turn to an

expert--all with the flexibility to meet their unique infrastructure requirements.

https://www.bluecatnetworks.com

BlueCat Gateway...DDI has been Left Out of Digital Transformation Traditional DDI operations, such...

Documents

Transcript of BlueCat Gateway...DDI has been Left Out of Digital Transformation Traditional DDI operations, such...